Reaction to news of the potentially serious NHS data loss was swift and condemning from the IT security vendor community.

Nick Lowe, head of Check Point Software's sales for Western Europe, said that the scale of this potential data loss drives home just how essential it is to have mandatory, strong encryption on all sensitive, personal information on laptops and portable storage devices - even if those devices are stored in supposedly secure areas within buildings.

"But according to our December 2010 survey, less than half of all UK firms encrypt their laptops - and that figure hasn’t really changed in the last three years. So data security is still being mostly left to chance", he said.

Over at ViaSat UK (formerly Stonewood) Chris McIntosh, the firm's CEO, said that regardless of whether this laptop has been stolen, lost, dumped or is simply sitting in a cupboard somewhere, the key point is that the data on it wasn't encrypted.

"When a machine contains highly sensitive information on literally millions of patients, not securing the data on it by any means possible isn't just careless: it's sheer negligence. With the value of the data on such a machine in the tens of thousands of pounds, spending a little extra on security should be a no-brainer", he said.

McIntosh, who has previously lambasted the Information Commissioner's Office for failing to penalise data breach offenders, added that the NHS unit concerned cannot claim it was ignorant of the dangers of unencrypted machines and the risks of a loss.

"It is to be hoped that the ICO acts swiftly and decisively to pass a strong message in this case and that, more importantly, the data on the laptop itself doesn't end up in the wrong hands", he said.

"If it does, innocent members of the public could find extremely sensitive, personal information that should have been strictly confidential being used against them", he added.